nimble: correct way to terminate connection when pairing key is incorrect

golden911
Posts: 1
Joined: Sun Feb 25, 2024 4:39 pm

nimble: correct way to terminate connection when pairing key is incorrect

Postby golden911 » Sun Feb 25, 2024 4:50 pm

Hi,

I am writing a firmware based on the bleprh example code. My device has a display, which I will be using to show the passkey (BLE_SM_IOACT_DISP). Currently, if I type in the incorrect passkey on my phone, "ble_gap_security_initiate" still succeeds and I connect to the device, except it is not authenticated/bonded/encrypted. In this case, I can read/write nonencrypted services. I only want to connect if it is secure. What is the correct way to do this? Currently, I have some code in "BLE_GAP_EVENT_ENC_CHANGE" case to terminate the connection but this does not seem correct.

My "bleprph_gap_event" code:
  1.        case BLE_GAP_EVENT_CONNECT:
  2.             MODLOG_DFLT(INFO, "connection %s; status=%d ", event->connect.status == 0 ? "established" : "failed", event->connect.status);
  3.             if (event->connect.status == 0) {
  4.                 rc = ble_gap_conn_find(event->connect.conn_handle, &desc);
  5.                 assert(rc == 0);
  6.                 bleprph_print_conn_desc(&desc);
  7.                 MODLOG_DFLT(INFO, "\n");
  8.  
  9.                 rc = ble_gap_security_initiate(event->connect.conn_handle);
  10.                 if (rc != 0) {
  11.                     MODLOG_DFLT(INFO, "Security could not be initiated, rc = %d\n", rc);
  12.                     return ble_gap_terminate(event->connect.conn_handle, BLE_ERR_REM_USER_CONN_TERM);
  13.                 } else {
  14.                     MODLOG_DFLT(INFO, "Connection secured\n");
  15.                 }
  16.             } else {
  17.                 /* Connection failed; resume advertising. */
  18.                 bleprph_advertise();
  19.             }
  20. /*.....*/
  21.         case BLE_GAP_EVENT_ENC_CHANGE:
  22.             /* Encryption has been enabled or disabled for this connection. */
  23.             MODLOG_DFLT(INFO, "encryption change event; status=%d ", event->enc_change.status);
  24.             rc = ble_gap_conn_find(event->enc_change.conn_handle, &desc);
  25.             assert(rc == 0);
  26.            
  27.             bleprph_print_conn_desc(&desc);
  28.             MODLOG_DFLT(INFO, "\n");
  29.  
  30.             // XXX is this the correct way to do this??
  31.             if(desc.sec_state.authenticated == 0 || desc.sec_state.encrypted == 0 || desc.sec_state.bonded == 0) {
  32.                 MODLOG_DFLT(INFO, "failed pairing, terminating connection\n");
  33.                 ble_store_util_delete_peer(&desc.peer_id_addr);
  34.                 return ble_gap_terminate(event->connect.conn_handle, BLE_ERR_REM_USER_CONN_TERM);
  35.             }
Config:
  1.     /* Initialize the NimBLE host configuration. */
  2.     ble_hs_cfg.reset_cb = bleprph_on_reset;
  3.     ble_hs_cfg.sync_cb = bleprph_on_sync;
  4.     ble_hs_cfg.gatts_register_cb = gatt_svr_register_cb;
  5.     ble_hs_cfg.store_status_cb = ble_store_util_status_rr;
  6.  
  7.     ble_hs_cfg.sm_io_cap = BLE_SM_IO_CAP_DISP_ONLY;
  8.     ble_hs_cfg.sm_bonding = 1;
  9.     /* Enable the appropriate bit masks to make sure the keys
  10.      * that are needed are exchanged
  11.      */
  12.     ble_hs_cfg.sm_our_key_dist |= BLE_SM_PAIR_KEY_DIST_ENC;
  13.     ble_hs_cfg.sm_their_key_dist |= BLE_SM_PAIR_KEY_DIST_ENC;
  14.     ble_hs_cfg.sm_mitm = 1;
  15.     ble_hs_cfg.sm_sc = 1;
  16.  
  17.     /* Stores the IRK */
  18.     ble_hs_cfg.sm_our_key_dist |= BLE_SM_PAIR_KEY_DIST_ID;
  19.     ble_hs_cfg.sm_their_key_dist |= BLE_SM_PAIR_KEY_DIST_ID;
Any help would very much so be appreciated. Thank you!
powered by coffee and air

MicroController
Posts: 1707
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: nimble: correct way to terminate connection when pairing key is incorrect

Postby MicroController » Mon Feb 26, 2024 10:47 am

Code: Select all

// XXX is this the correct way to do this??
I believe it is. I haven't found a way to make the BT stack automatically reject insecure connections either.

Thinking about it, one could try requiring authentication/encryption for read access to the service descriptor...

Who is online

Users browsing this forum: No registered users and 116 guests